
How to Secure Your WordPress Blog From Brute Force Attacks?

Updated on August 27, 2017

Anamika S Jain is a Social Media Consultant who handles the Facebook, Twitter and Blog of a top Bollywood Actress.

Securing WordPress Site From Hacking Attempts

A major concern for most WordPress users is the safety of their sites. WordPress is a much-liked platform for blogging as it is SEO friendly. However, WordPress sites are also more vulnerable to hacker attacks. No matter how much effort you have put into securing your site, there are evil guys around waiting to steal it. These guys are masters of their trade. They are so smart that an ordinary blogger may not even realize that the site has been hacked. As the popular saying goes, prevention is better than cure. Rather than putting your sites at risk and then spending time and money recovering them, it's worth putting in some effort to ensure the security of your sites.

Over 30,000 WordPress sites have already been hacked and taken over by the bad guys. The hackers may use these sites to send spam emails, crash servers, make money, plant further viruses and much more. For the past month or so, brute force attacks have increased to a considerable extent. Thousands of bloggers have lost their sites, had their personal details compromised and even lost their hosting accounts. Just because you have not been hit does not mean that you are safe. Even if you manage to survive the hacking attempts, you may still end up paying an extra traffic bill to your hosting company because of the attackers' numerous attempts to break into your website or blog. Though you may not be able to make your WordPress sites 100% hacker proof, you can certainly reduce the chances of the sites getting hacked. This can be done by hiding the WordPress installation from hackers.

My first WordPress site got hacked, and some malicious code was installed by the hackers, within 3 months of starting it. One day I found my hosting account suspended and I could not log in to my site. When I contacted the hosting company, they treated me as if I were some criminal. However, they helped me recover my domain to the starting state, but all my data was lost. I had written over 90 blog posts and did not have any backup. The hosting company further warned me that in the event of it happening again, I would lose the hosting account. I never felt that insulted in my whole life and decided that I needed to take steps to secure my domains. I read all the stuff I could get on WordPress security and even got many premium plugins to protect my blogs. My efforts paid off, and I managed to reduce the internet footprints to prevent brute force attacks from hackers. The hackers are a smart lot and may come up with new ways of breaking into sites, so it is worth taking precautions to stop them in their tracks. If you have an online empire of WordPress sites or manage WordPress-based client sites, you need to take steps to protect your sites.

Beware! Your Computer may be at risk.
WordPress Blog Security Plugins and Tips

How to Protect Your WordPress Site From Hackers?

Do you want to secure your WordPress sites from hackers? Given below are some steps you can take to ensure the security of your sites.

  1. Keep your computer clean: It is advisable that you have a private connection. Try not to access your site from public computers. Make sure you run a virus scan on your own computer to ensure that it is clean at all times. Most hackers try to infect your computer with malicious viruses first. I advise a combination of Kaspersky Internet Security and Malwarebytes Anti-Malware pro version.
  2. Reliable web hosting: Get the hosting account for your WordPress sites from reliable hosting companies like Bluehost.
  3. Have strong user names and passwords: Your password and user name should be a combination of capital letters, small letters, numbers, and symbols. Avoid user names like admin, user, 1, administrator and manager that are quite easy to guess. However, if you happen to have such a user name, you can add a new secure user with a strong password and user name and then delete the old user. For this, under Users in your admin panel, click on add a new user. Make sure that the user name and password consist of at least 8 characters, and use a combination of upper and lowercase letters, numbers, and symbols to create them. Give admin rights to this new user. Now log out of your admin panel and log in as the new user. Go to the Users section and delete the old user. However, make sure that you remember your new login details. Also, avoid passwords like password and 12345.
  4. Themes: Use the free themes hosted by WordPress or premium themes from reputed theme makers like Catch Themes or WooThemes. Delete the unused themes from the theme area.
  5. Add WordPress security plugins: WordPress security plugins can add an extra layer of protection to your sites. Some of the best plugins you can use to secure your sites are BulletProof Security, Better WP Security, Secure WordPress, Sucuri SiteCheck Malware Scanner, WP Security Scan, Login LockDown, AskApache Password Protect and wp- brute force. The pro or premium versions of these plugins offer better security from hackers, so I advise you to spend money on them. We spend so much money to protect our physical assets by investing in lockers, security personnel, and security devices. Why not get the best protection for our virtual real estate? Just adding the plugins is not enough; activate them and configure them correctly. However, keep checking your sites as you make changes, as some changes may break the site. It is advisable to install these plugins at the time of WordPress installation itself. If it is an existing site, make sure you do a backup before configuring the plugins, as some changes may not be compatible with your WordPress theme, the plugins you use or your server configuration. Configuring the plugins is quite a tedious task. If you need assistance configuring them, I would happily do it at a reasonable price.
  6. Change file permissions: Use FileZilla FTP software to access your site and change the permission of the .htaccess, wp-blog-header.php, wp-config.php and index.php files to 404. Also, change wp-admin and wp-content to permission 705. However, make sure you refresh the site every time a change is made to ensure that it is not broken. Now delete readme.html from the public_html folder. Next, go to the wp-config folder and delete install.php and install-helper.php.
  7. Keep your WordPress updated: Make sure you keep your WordPress version, plugins, and themes updated at all times. Also, try to limit the number of plugins. Also, make sure that you back up the site regularly so that you have the data to restore your site if needed. You may use WP Online Backup, VaultPress, BackupBuddy or WP-DB-Backup for this purpose.
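
A read-only check of the step 6 settings, added here as an example and not part of the original article: it reports files whose mode differs from the 404/705 values given above and any leftover readme.html or installer files. The function names and the sample tree are constructed for illustration, and the installer scripts are looked for under wp-admin/, where a stock WordPress install keeps them.

```shell
#!/bin/sh
# Added example: read-only audit of the step 6 settings; nothing is changed.

# Octal mode of a path (GNU stat, then BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_wp_hardening ROOT: print one line per finding, return 1 if any.
audit_wp_hardening() {
    root=$1 rc=0
    # path:mode pairs from step 6; paths that do not exist are skipped
    for pair in .htaccess:404 wp-blog-header.php:404 wp-config.php:404 \
                index.php:404 wp-admin:705 wp-content:705; do
        path=$root/${pair%%:*} want=${pair##*:}
        [ -e "$path" ] || continue
        have=$(mode_of "$path")
        if [ "$have" != "$want" ]; then
            echo "MODE $path is $have, expected $want"
            rc=1
        fi
    done
    # Files step 6 removes. Assumption: the installer scripts are looked for
    # under wp-admin/, where a stock WordPress install keeps them.
    for f in readme.html wp-admin/install.php wp-admin/install-helper.php; do
        if [ -e "$root/$f" ]; then
            echo "LEFTOVER $root/$f"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (not a real site): two files hardened, the rest not.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/wp-admin" "$t/wp-content"
    touch "$t/.htaccess" "$t/wp-config.php" "$t/index.php" \
          "$t/wp-blog-header.php" "$t/readme.html" "$t/wp-admin/install.php"
    chmod 404 "$t/.htaccess" "$t/wp-config.php"
    chmod 644 "$t/index.php" "$t/wp-blog-header.php" "$t/readme.html"
    chmod 755 "$t/wp-admin" "$t/wp-content"
    echo "$t"
}

# Usage: sh audit.sh /path/to/site   (with no argument, audits the sample tree)
site=${1:-$(make_sample_tree)}
audit_wp_hardening "$site" || echo "findings above need attention"
```

Run it from a shell on the server after each change in FileZilla; an empty report means the modes and deletions from step 6 are all in place.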

Now that you have done the above steps, you are ahead of thousands of WordPress users who do nothing to secure their sites. However, remember that your sites are still not 100% secured. You have only reduced the chances of your sites getting hacked.

Was this hub helpful to you? Feel free to share your opinions by way of comments. Liked this hub? Please feel free to share this hub link on social networking sites.

Bad Login Attempts on one of my WordPress Blogs

How to Secure your Wordpress Site for Free?

WordPress Security Threats and Tips by Dre Armeda of Sucuri

How to fix a Hacked Wordpress Site?


© 2013 Anamika S Jain

Comments


  • SpaceShanty

    4 years ago from United Kingdom

    Interesting page, I never considered someone would want to hack a Wordpress page.

  • Devika Primić (DDE)

    5 years ago from Dubrovnik, Croatia

    How to secure your Wordpress Blog from Brute Force attacks? Well advised and pointed out, this hub is informative and most helpful to this approach

  • Don Bobbitt

    5 years ago from Ruskin Florida

    Great Article. Voted UP and Interesting. I presently have three sites.domains with WordPress and I really like their product. Your article is being Pinned to my Pinterest site for future reference as I implement some of your suggestions.

    Thanks,

    DON

  • Rebecca Mealey (rebeccamealey)

    5 years ago from Northeastern Georgia, USA

    This was SO helpful! I see a few things I need to do to my WordPress site. Thanks so much, voted useful and shared!

  • Nathan Bernardo (NateB11)

    5 years ago from California, United States of America

    Very useful and valuable information you've presented here. I immediately became concerned about the safety of my sites because of the advice of conscientious writers like yourself and started thinking of measures to keep it safe, including paying for a back-up service; I will definitely include your very important suggestions here to my repertoire.

  • Victoria Lynn

    5 years ago from Arkansas, USA

    I've never really thought about hackers. I'm setting up a site now; I think I did sign up for some security stuff. Very informative and helpful hub!

  • Michelle Liew (midget38)

    5 years ago from Singapore

    Thanks for the tips, and this is so important, Anamika. I had a hacker go into one of my sites and my IP add ended up being blocked for no reason. Thanks for sharing...will bear these in mind.

  • Thomas Silvia (kashmir56)

    5 years ago from Massachusetts

    Very useful and valuable information that all users of wordpress can use to secure their wordpress blog.

    Vote up and more !!!

  • Anamika S Jain (Anamika S, author)

    5 years ago from Mumbai - Maharashtra, India

    @Patkay That's not true! I am no expert of WordPress. As the saying goes, necessity is the mother of invention and I had to learn. You may activate the Akismet plugin for your comments problem. If you wish you can close comments altogether by opting for 'no comments'.

  • Patrick Kamau (Patkay)

    5 years ago from Nairobi, Kenya

    Thanks for sharing this. Better you, you know much about wordpress. For me I am struggling even with simple things. Do you have an idea why I get a lot of spam comments and what I should do about them?

  • Anamika S Jain (Anamika S, author)

    5 years ago from Mumbai - Maharashtra, India

    Thanks for the appreciation SilverGenes. I am happy that you found the information helpful.

  • SilverGenes

    5 years ago

    Excellent article! I have done almost all these things except for the file permissions so I'll have to double check with the CDN I'm using. I have my sites on CloudFlare now with high security checked, aggressive caching, and automatic rocket loader. Even with all this, I had a scare yesterday when all my internal links suddenly showed 404 errors. Turns out it was my own fault - after updating SuperCache and Bulletproof, I had forgotten about the permalinks - easily resolved. You've done a fantastic job of outlining things step by step! Thank you so much for making it easy for us to protect ourselves without having to spend a week researching all the bits and pieces. Wonderful!
